CLI backends (claude-cli etc) don't emit streaming assistant events,
causing TUI to show "(no output)" despite correct processing. Now emits
assistant event with final text before lifecycle end so server-chat
buffer gets populated for WebSocket clients.
- Add resumeArgs to DEFAULT_CLAUDE_BACKEND for proper --resume flag usage
- Fix gateway not preserving cliSessionIds/claudeCliSessionId in nextEntry
- Add test for CLI session ID preservation in gateway agent handler
- Update docs with new resumeArgs default
Add configuration options to automatically accept group and DM invites
from specified ships. This enables bot accounts to automatically join
groups and accept DM conversations without manual intervention.
New config options:
- autoAcceptGroupInvites: boolean - auto-accept group invites
- autoAcceptDmInvites: boolean - auto-accept DM invites
- inviteAllowlist: string[] - only accept from these ships
- inviteBlocklist: string[] - never accept from these ships (priority)
Implementation:
- Subscribe to /v1/foreigns (groups app) for group invite detection
- Subscribe to /v3 (chat app) for DM invite detection
- Send group-join poke to accept group invites
- Send chat-dm-rsvp poke to accept DM invites
- Blocklist takes priority over allowlist
- Auto-refresh subscriptions after accepting invites
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(gateway): prevent auth bypass when behind unconfigured reverse proxy
When proxy headers (X-Forwarded-For, X-Real-IP) are present but
gateway.trustedProxies is not configured, the gateway now treats
connections as non-local. This prevents a scenario where all proxied
requests appear to come from localhost and receive automatic trust.
Previously, running behind nginx/Caddy without configuring trustedProxies
would cause isLocalClient=true for all external connections, potentially
bypassing authentication and auto-approving device pairing.
The gateway now logs a warning when this condition is detected, guiding
operators to configure trustedProxies for proper client IP detection.
Also adds documentation for reverse proxy security configuration.
* fix: harden reverse proxy auth (#1795) (thanks @orlyjamie)
---------
Co-authored-by: orlyjamie <orlyjamie@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>